Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-5446

CWE-22Path Traversal4 documents4 sources
Severity
5.0MEDIUM
EPSS
65.7%
top 1.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Zohocorp Manageengine It360Zohocorp Manageengine Netflow Analyzer
Timeline
PublishedDec 4
Latest updateMay 14

Description

Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Patches

Patch: support.zoho.comPatch: support.zoho.com

🔴Vulnerability Details

2
GHSA
GHSA-wg3w-c87j-34gj: Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 82022-05-14
CVEList
CVE-2014-5446: Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 82014-12-04

💥Exploits & PoCs

1
Exploit-DB
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download2014-12-03
CVE-2014-5446 (MEDIUM CVSS 5) | Directory traversal vulnerability i | cvebase.io